
User Authenticators

Manage user authenticators, such as WebAuthn credentials, TOTP authenticators, and more. These APIs allow you to view and manage the authenticators that were registered for a given user.

Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/cis/
Production environment (US)
https://api.transmitsecurity.io/cis/
Production environment (EU)
https://api.eu.transmitsecurity.io/cis/
Production environment (CA)
https://api.ca.transmitsecurity.io/cis/
Production environment (AU)
https://api.au.transmitsecurity.io/cis/

User authenticators

Request

List of authenticators for a user.

Required permissions: organizations:read, orgs:read, users:read, apps:read, [appId]:read, authenticators:read.

Security
ClientAccessToken
Path
userId: string, required

ID of the user

curl -i -X GET \
  'https://api.sbx.transmitsecurity.io/cis/v1/users/{userId}/authenticators' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

User authenticators object

Body: application/json

result: Array of objects, required

List of user authenticators

result[].id: string, required

The ID of the authenticator, autogenerated upon registration

result[].type: string, required

The type of the authenticator

Enum: "totp", "email_magic_link", "email_otp", "sms_otp", "direct_otp", "webauthn", "password", "mobile_biometric", "pin_authenticator", "google"

result[].name: string

The name of the authenticator

result[].status: string, required

The status of the authenticator. An authenticator is registered if it hasn't yet been used to authenticate, and active if it's been used at least once. Admins can update the status to deactivated to manually block it (either temporarily or permanently) and an authenticator can become locked by the lockout rules defined in its settings.

Enum: "Active", "Deactivated", "Registered", "Locked", "Deleted"

result[].user_id: string

The ID of the user this authenticator is associated with

result[].registered_at: string (date-time), required

The date the authenticator was registered. For social login methods, this corresponds to the date it was first used to authenticate. For email/SMS-based ones, it corresponds to the date the email/phone number was added to the user profile.

result[].last_successful_authentication: string (date-time)

Date this authenticator was last used to successfully authenticate.

result[].last_failed_authentication: string (date-time)

The last failed authentication date. For social login and email/SMS-based methods, this may correspond to an authentication performed for another app in the tenant.

result[].last_accessed_app_id: string

ID of the last application the authenticator was used to authenticate for

result[].last_accessed_org_id: string

ID of the last organization the authenticator was used to authenticate for

result[].extra_data: object
One of:

Additional data for the authenticator

Response
application/json
{ "result": [ { … } ] }

Unlock authenticator

Request

Unlocks a user's authenticator by clearing all attempts data for the locked user.

Required permissions: apps:edit, [appId]:edit, authenticators:edit.

Security
ClientAccessToken
Path
user_id: string, required

ID of the user

authenticator_type: string, required

Authenticator type to unlock.

Enum: "totp", "email_otp", "sms_otp", "direct_otp", "webauthn", "password", "pin_authenticator", "face"

curl -i -X POST \
  'https://api.sbx.transmitsecurity.io/cis/v1/users/{user_id}/authenticators/{authenticator_type}/unlock' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Responses

User Unlocked
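
The two endpoints above can be combined when triaging lockouts. The following is an added example, not code from Transmit Security: it reads a list response, picks out the authenticators with status Locked, and builds the unlock URL only for types that appear in the unlock endpoint's authenticator_type enum. The function name plan_unlocks, the user ID and the sample response are constructed for illustration.

```python
import json
from urllib.parse import quote

# The unlock endpoint's authenticator_type enum, copied from this page.
UNLOCKABLE_TYPES = {"totp", "email_otp", "sms_otp", "direct_otp",
                    "webauthn", "password", "pin_authenticator", "face"}

def plan_unlocks(base_url, user_id, list_response):
    """Return (unlock_urls, skipped) for the Locked authenticators in a
    GET /v1/users/{userId}/authenticators response body."""
    urls, skipped = [], []
    for auth in list_response["result"]:
        if auth["status"] != "Locked":
            continue
        # user_id is optional in the response; fall back to the queried user.
        owner = auth.get("user_id", user_id)
        if auth["type"] not in UNLOCKABLE_TYPES:
            # Type is in the list enum but not the unlock enum: report it.
            skipped.append((auth["id"], auth["type"]))
            continue
        url = (f"{base_url.rstrip('/')}/v1/users/{quote(owner, safe='')}"
               f"/authenticators/{auth['type']}/unlock")
        # The unlock path is keyed by type, so one POST per user and type.
        if url not in urls:
            urls.append(url)
    return urls, skipped

# Constructed sample response (IDs and dates are made up).
SAMPLE = json.loads("""
{"result": [
  {"id": "auth-1", "type": "totp", "status": "Locked",
   "registered_at": "2024-01-10T09:00:00Z"},
  {"id": "auth-2", "type": "webauthn", "status": "Active",
   "registered_at": "2024-01-11T09:00:00Z"},
  {"id": "auth-3", "type": "mobile_biometric", "status": "Locked",
   "registered_at": "2024-02-01T09:00:00Z"},
  {"id": "auth-4", "type": "totp", "status": "Locked",
   "registered_at": "2024-03-01T09:00:00Z"}
]}
""")

if __name__ == "__main__":
    urls, skipped = plan_unlocks(
        "https://api.sbx.transmitsecurity.io/cis/", "user-123", SAMPLE)
    for u in urls:
        print("POST", u)
    for auth_id, auth_type in skipped:
        print("not in unlock enum:", auth_id, auth_type)
```

The script only plans the calls; each resulting URL would be sent as a POST with the same Authorization: Bearer header shown in the curl samples.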